Fix a variety of warnings generated by some elevated compiler-fascism,
OPENSSL_NO_DEPRECATED, etc. Steve, please double-check the CMS stuff...
diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c
index 6e4ae3b..f1a5a1e 100644
--- a/crypto/asn1/a_object.c
+++ b/crypto/asn1/a_object.c
@@ -62,6 +62,7 @@
 #include <openssl/buffer.h>
 #include <openssl/asn1.h>
 #include <openssl/objects.h>
+#include <openssl/bn.h>
 
 int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
 	{
diff --git a/crypto/bio/bss_mem.c b/crypto/bio/bss_mem.c
index f7dbdf7..e18f4bc 100644
--- a/crypto/bio/bss_mem.c
+++ b/crypto/bio/bss_mem.c
@@ -100,7 +100,7 @@
 		BIOerr(BIO_F_BIO_NEW_MEM_BUF,BIO_R_NULL_PARAMETER);
 		return NULL;
 	}
-	sz = (len<0) ? strlen(buf) : len;
+	sz = (len<0) ? strlen(buf) : (size_t)len;
 	if(!(ret = BIO_new(BIO_s_mem())) ) return NULL;
 	b = (BUF_MEM *)ret->ptr;
 	b->data = buf;
diff --git a/crypto/cms/cms_asn1.c b/crypto/cms/cms_asn1.c
index d6363de..e5af9a0 100644
--- a/crypto/cms/cms_asn1.c
+++ b/crypto/cms/cms_asn1.c
@@ -306,7 +306,7 @@
 							void *exarg)
 	{
 	ASN1_STREAM_ARG *sarg = exarg;
-	CMS_ContentInfo *cms;
+	CMS_ContentInfo *cms = NULL;
 	if (pval)
 		cms = (CMS_ContentInfo *)*pval;
 	else
diff --git a/crypto/cms/cms_dd.c b/crypto/cms/cms_dd.c
index a927caa..e3da755 100644
--- a/crypto/cms/cms_dd.c
+++ b/crypto/cms/cms_dd.c
@@ -121,7 +121,7 @@
 
 	if (verify)
 		{
-		if (mdlen != dd->digest->length)
+		if (mdlen != (unsigned int)dd->digest->length)
 			{
 			CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL,
 				CMS_R_MESSAGEDIGEST_WRONG_LENGTH);
diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c
index f96c46f..fad756e 100644
--- a/crypto/cms/cms_enc.c
+++ b/crypto/cms/cms_enc.c
@@ -151,7 +151,7 @@
 			goto err;
 		keep_key = 1;
 		}
-	else if (ec->keylen != EVP_CIPHER_CTX_key_length(ctx))
+	else if (ec->keylen != (unsigned int)EVP_CIPHER_CTX_key_length(ctx))
 		{
 		/* If necessary set key length */
 		if (EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen) <= 0)
@@ -200,7 +200,7 @@
 	return NULL;
 	}
 
-int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec, 
+static int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec, 
 				const EVP_CIPHER *cipher,
 				const unsigned char *key, size_t keylen)
 	{
diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c
index 39ebe5a..796b0d3 100644
--- a/crypto/cms/cms_env.c
+++ b/crypto/cms/cms_env.c
@@ -118,7 +118,7 @@
 /* Add a recipient certificate. For now only handle key transport.
  * If we ever handle key agreement will need updating.
  */
-
+#if 0 /* currently unused/undeclared */
 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
 					X509 *recip, unsigned int flags)
 	{
@@ -208,6 +208,7 @@
 	return NULL;
 
 	}
+#endif
 
 int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
 					EVP_PKEY **pk, X509 **recip,
diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c
index 7b118b8..a8cefd0 100644
--- a/crypto/cms/cms_lib.c
+++ b/crypto/cms/cms_lib.c
@@ -414,7 +414,7 @@
 		}
 	}
 
-STACK_OF(CMS_CertificateChoices) **cms_get0_certificate_choices(CMS_ContentInfo *cms)
+static STACK_OF(CMS_CertificateChoices) **cms_get0_certificate_choices(CMS_ContentInfo *cms)
 	{
 	switch (OBJ_obj2nid(cms->contentType))
 		{
@@ -492,7 +492,7 @@
 	return r;
 	}
 
-STACK_OF(CMS_RevocationInfoChoice) **cms_get0_revocation_choices(CMS_ContentInfo *cms)
+static STACK_OF(CMS_RevocationInfoChoice) **cms_get0_revocation_choices(CMS_ContentInfo *cms)
 	{
 	switch (OBJ_obj2nid(cms->contentType))
 		{
diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c
index dc8e896..4483593 100644
--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@@ -451,7 +451,7 @@
 
 	}
 
-int CMS_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t)
+static int cms_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t)
 	{
 	ASN1_TIME *tt;
 	int r = 0;
@@ -608,7 +608,7 @@
 		*psig = si->signatureAlgorithm;
 	}
 
-int cms_SignerInfo_content_sign(CMS_SignerInfo *si, BIO *chain)
+static int cms_SignerInfo_content_sign(CMS_SignerInfo *si, BIO *chain)
 	{
 	EVP_MD_CTX mctx;
 	int r = 0;
@@ -699,7 +699,7 @@
 
 	if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0)
 		{
-		if (!CMS_add1_signingTime(si, NULL))
+		if (!cms_add1_signingTime(si, NULL))
 			goto err;
 		}
 
@@ -856,7 +856,7 @@
 				CMS_R_UNABLE_TO_FINALIZE_CONTEXT);
 			goto err;
 			}
-		if (mlen != os->length)
+		if (mlen != (unsigned int)os->length)
 			{
 			CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
 				CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH);
diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
index 420cfcd..b56edda 100644
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -60,6 +60,7 @@
 #include <openssl/x509.h>
 #include <openssl/asn1.h>
 #include <openssl/dh.h>
+#include <openssl/bn.h>
 #include "asn1_locl.h"
 
 static void int_dh_free(EVP_PKEY *pkey)
diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
index 5803b1d..d415575 100644
--- a/crypto/dh/dh_pmeth.c
+++ b/crypto/dh/dh_pmeth.c
@@ -61,6 +61,8 @@
 #include <openssl/x509.h>
 #include <openssl/rsa.h>
 #include <openssl/evp.h>
+#include <openssl/dh.h>
+#include <openssl/bn.h>
 #include "evp_locl.h"
 
 /* DH pkey context structure */
diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c
index a39f4ce..52290f8 100644
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -60,6 +60,7 @@
 #include <openssl/x509.h>
 #include <openssl/asn1.h>
 #include <openssl/dsa.h>
+#include <openssl/bn.h>
 #ifndef OPENSSL_NO_CMS
 #include <openssl/cms.h>
 #endif
diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c
index 73db6d2..3f7638c 100644
--- a/crypto/dsa/dsa_pmeth.c
+++ b/crypto/dsa/dsa_pmeth.c
@@ -60,6 +60,7 @@
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
 #include <openssl/evp.h>
+#include <openssl/bn.h>
 #include "evp_locl.h"
 #include "dsa_locl.h"
 
diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
index b10e944..c1deea8 100644
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@@ -59,6 +59,7 @@
 #include "cryptlib.h"
 #include <openssl/x509.h>
 #include <openssl/ec.h>
+#include <openssl/bn.h>
 #ifndef OPENSSL_NO_CMS
 #include <openssl/cms.h>
 #endif
diff --git a/crypto/ec/eck_prn.c b/crypto/ec/eck_prn.c
index 3a523c0..7d3e175 100644
--- a/crypto/ec/eck_prn.c
+++ b/crypto/ec/eck_prn.c
@@ -65,6 +65,7 @@
 #include "cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/ec.h>
+#include <openssl/bn.h>
 
 #ifndef OPENSSL_NO_FP_API
 int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off)
diff --git a/crypto/engine/tb_asnmth.c b/crypto/engine/tb_asnmth.c
index 0972813..7509033 100644
--- a/crypto/engine/tb_asnmth.c
+++ b/crypto/engine/tb_asnmth.c
@@ -54,6 +54,7 @@
 
 #include "eng_int.h"
 #include "asn1_locl.h"
+#include <openssl/evp.h>
 
 /* If this symbol is defined then ENGINE_get_pkey_asn1_meth_engine(), the
  * function that is used by EVP to hook in pkey_asn1_meth code and cache
diff --git a/crypto/engine/tb_pkmeth.c b/crypto/engine/tb_pkmeth.c
index 999fc0a..1cdb967 100644
--- a/crypto/engine/tb_pkmeth.c
+++ b/crypto/engine/tb_pkmeth.c
@@ -53,6 +53,7 @@
  */
 
 #include "eng_int.h"
+#include <openssl/evp.h>
 
 /* If this symbol is defined then ENGINE_get_pkey_meth_engine(), the function
  * that is used by EVP to hook in pkey_meth code and cache defaults (etc), will
diff --git a/crypto/evp/e_rc2.c b/crypto/evp/e_rc2.c
index 4fd8c41..f78d781 100644
--- a/crypto/evp/e_rc2.c
+++ b/crypto/evp/e_rc2.c
@@ -223,7 +223,7 @@
 			return 1;
 			}
 		return 0;
-#if PBE_PRF_TEST
+#ifdef PBE_PRF_TEST
 	case EVP_CTRL_PBE_PRF_NID:
 		*(int *)ptr = NID_hmacWithMD5;
 		return 1;
diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c
index 17e0d54..30f8b05 100644
--- a/crypto/evp/pmeth_gn.c
+++ b/crypto/evp/pmeth_gn.c
@@ -61,6 +61,7 @@
 #include "cryptlib.h"
 #include <openssl/objects.h>
 #include <openssl/evp.h>
+#include <openssl/bn.h>
 #include "evp_locl.h"
 
 int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx)
diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c
index 818eda5..fa4496c 100644
--- a/crypto/objects/obj_dat.c
+++ b/crypto/objects/obj_dat.c
@@ -63,6 +63,7 @@
 #include <openssl/lhash.h>
 #include <openssl/asn1.h>
 #include <openssl/objects.h>
+#include <openssl/bn.h>
 
 /* obj_dat.h is generated from objects.h by obj_dat.pl */
 #ifndef OPENSSL_NO_OBJECT
diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c
index 58a7f24..b694242 100644
--- a/crypto/pem/pvkfmt.c
+++ b/crypto/pem/pvkfmt.c
@@ -62,6 +62,9 @@
 #include "cryptlib.h"
 #include <openssl/pem.h>
 #include <openssl/rand.h>
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/rsa.h>
 
 /* Utility function: read a DWORD (4 byte unsigned integer) in little endian
  * format
diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
index e705f16..53e29c6 100644
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -61,6 +61,7 @@
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
 #include <openssl/rsa.h>
+#include <openssl/bn.h>
 #ifndef OPENSSL_NO_CMS
 #include <openssl/cms.h>
 #endif
diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c
index 7d6fef8..9dd0d4c 100644
--- a/crypto/rsa/rsa_pmeth.c
+++ b/crypto/rsa/rsa_pmeth.c
@@ -61,6 +61,7 @@
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
 #include <openssl/rsa.h>
+#include <openssl/bn.h>
 #include <openssl/evp.h>
 #include "evp_locl.h"
 #include "rsa_locl.h"
diff --git a/crypto/ts/ts_conf.c b/crypto/ts/ts_conf.c
index fef8eee..fbd294b 100644
--- a/crypto/ts/ts_conf.c
+++ b/crypto/ts/ts_conf.c
@@ -58,6 +58,8 @@
 
 #include <string.h>
 
+#include <openssl/crypto.h>
+#include "cryptlib.h"
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #include <openssl/ts.h>